diff --git a/.github/workflows/unittest.yaml b/.github/workflows/unittest.yaml index 0c3e8100d..08db26b12 100644 --- a/.github/workflows/unittest.yaml +++ b/.github/workflows/unittest.yaml @@ -22,4 +22,4 @@ jobs: - name: Run unit tests run: - helm unittest -f 'test/unittest/*.yaml' . + helm unittest -f 'test/unittest/*/*.yaml' . diff --git a/test/unittest/core_configmap_test.yaml b/test/unittest/core/core_configmap_test.yaml similarity index 100% rename from test/unittest/core_configmap_test.yaml rename to test/unittest/core/core_configmap_test.yaml diff --git a/test/unittest/core_deployment_test.yaml b/test/unittest/core/core_deployment_test.yaml similarity index 100% rename from test/unittest/core_deployment_test.yaml rename to test/unittest/core/core_deployment_test.yaml diff --git a/test/unittest/core_job_test.yaml b/test/unittest/core/core_job_test.yaml similarity index 100% rename from test/unittest/core_job_test.yaml rename to test/unittest/core/core_job_test.yaml diff --git a/test/unittest/core_secret_test.yaml b/test/unittest/core/core_secret_test.yaml similarity index 100% rename from test/unittest/core_secret_test.yaml rename to test/unittest/core/core_secret_test.yaml diff --git a/test/unittest/core_svc_test.yaml b/test/unittest/core/core_svc_test.yaml similarity index 100% rename from test/unittest/core_svc_test.yaml rename to test/unittest/core/core_svc_test.yaml diff --git a/test/unittest/core_tls_test.yaml b/test/unittest/core/core_tls_test.yaml similarity index 100% rename from test/unittest/core_tls_test.yaml rename to test/unittest/core/core_tls_test.yaml diff --git a/test/unittest/exporter/exporter_configmap_test.yaml b/test/unittest/exporter/exporter_configmap_test.yaml new file mode 100644 index 000000000..23a564450 --- /dev/null +++ b/test/unittest/exporter/exporter_configmap_test.yaml @@ -0,0 +1,117 @@ +suite: ExporterConfigMap + +tests: + - it: ProxyJobservice + set: + metrics: + enabled: true + proxy: + httpProxy: 1.1.1.1 + httpsProxy: 2.2.2.2 + noProxy: 127.0.0.1,localhost,.local,.internal + components: + - jobservice + template: templates/exporter/exporter-cm-env.yaml + asserts: + - equal: + path: data.HTTP_PROXY + value: 1.1.1.1 + - equal: + path: data.HTTPS_PROXY + value: 2.2.2.2 + - equal: + path: data.NO_PROXY + value: RELEASE-NAME-harbor-core,RELEASE-NAME-harbor-jobservice,RELEASE-NAME-harbor-database,RELEASE-NAME-harbor-registry,RELEASE-NAME-harbor-portal,RELEASE-NAME-harbor-trivy,RELEASE-NAME-harbor-exporter,127.0.0.1,localhost,.local,.internal + + - it: ProxyNoJobservice + set: + metrics: + enabled: true + proxy: + httpProxy: 1.1.1.1 + httpsProxy: 2.2.2.2 + noProxy: 127.0.0.1,localhost,.local,.internal + components: + - testComponent + template: templates/exporter/exporter-cm-env.yaml + asserts: + - notExists: + path: data.HTTP_PROXY + - notExists: + path: data.HTTPS_PROXY + - notExists: + path: data.NO_PROXY + + - it: FullSecrets + set: + metrics: + enabled: true + exporter: + path: /testEndpoint + port: 1111 + exporter: + cacheDuration: 30 + cacheCleanInterval: 1000 + logLevel: debug + database: + maxIdleConns: 100 + maxOpenConns: 50 + template: templates/exporter/exporter-cm-env.yaml + asserts: + - equal: + path: data.LOG_LEVEL + value: debug + - equal: + path: data.HARBOR_EXPORTER_PORT + value: "1111" + - equal: + path: data.HARBOR_EXPORTER_METRICS_PATH + value: /testEndpoint + - equal: + path: data.HARBOR_EXPORTER_METRICS_ENABLED + value: "true" + - equal: + path: data.HARBOR_EXPORTER_CACHE_TIME + value: "30" + - equal: + path: data.HARBOR_EXPORTER_CACHE_CLEAN_INTERVAL + value: "1000" + - equal: + path: data.HARBOR_REDIS_URL + value: redis://RELEASE-NAME-harbor-redis:6379/1 + - equal: + path: data.HARBOR_REDIS_NAMESPACE + value: harbor_job_service_namespace + - equal: + path: data.HARBOR_REDIS_TIMEOUT + value: "3600" + - equal: + path: data.HARBOR_SERVICE_SCHEME + value: http + - equal: + path: data.HARBOR_SERVICE_HOST + value: RELEASE-NAME-harbor-core + - equal: + path: data.HARBOR_SERVICE_PORT + value: "80" + - equal: + path: data.HARBOR_DATABASE_HOST + value: RELEASE-NAME-harbor-database + - equal: + path: data.HARBOR_DATABASE_PORT + value: "5432" + - equal: + path: data.HARBOR_DATABASE_USERNAME + value: postgres + - equal: + path: data.HARBOR_DATABASE_DBNAME + value: registry + - equal: + path: data.HARBOR_DATABASE_SSLMODE + value: disable + - equal: + path: data.HARBOR_DATABASE_MAX_IDLE_CONNS + value: "100" + - equal: + path: data.HARBOR_DATABASE_MAX_OPEN_CONNS + value: "50" \ No newline at end of file diff --git a/test/unittest/exporter/exporter_deployment_test.yaml b/test/unittest/exporter/exporter_deployment_test.yaml new file mode 100644 index 000000000..40c85101c --- /dev/null +++ b/test/unittest/exporter/exporter_deployment_test.yaml @@ -0,0 +1,313 @@ +suite: ExporterDeployment + +tests: + - it: PodLabels + set: + metrics: + enabled: true + exporter: + podLabels: + test.label: test-label + template: templates/exporter/exporter-dpl.yaml + asserts: + - equal: + path: spec.template.metadata.labels["test.label"] + value: test-label + + - it: PodAnnotations + set: + metrics: + enabled: true + exporter: + podAnnotations: + test.annotation: test-annotation + template: templates/exporter/exporter-dpl.yaml + asserts: + - equal: + path: spec.template.metadata.annotations["test.annotation"] + value: test-annotation + + - it: NoReplicas + set: + metrics: + enabled: true + exporter: + replicas: 0 + template: templates/exporter/exporter-dpl.yaml + asserts: + - equal: + path: spec.replicas + value: 0 + + - it: MultipleReplicas + set: + metrics: + enabled: true + exporter: + replicas: 2 + template: templates/exporter/exporter-dpl.yaml + asserts: + - equal: + path: spec.replicas + value: 2 + + - it: ServiceAccounts + set: + metrics: + enabled: true + exporter: + serviceAccountName: testServiceAccount + template: templates/exporter/exporter-dpl.yaml + asserts: + - equal: + path: spec.template.spec.serviceAccountName + value: testServiceAccount + + - it: ImagePullSecrets + set: + metrics: + enabled: true + imagePullSecrets: + - name: test-secret-1 + - name: test-secret-2 + template: templates/exporter/exporter-dpl.yaml + asserts: + - lengthEqual: + path: spec.template.spec.imagePullSecrets + count: 2 + - equal: + path: spec.template.spec.imagePullSecrets + value: + - name: test-secret-1 + - name: test-secret-2 + + - it: TopologySpreadConstraints + set: + metrics: + enabled: true + exporter: + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + template: templates/exporter/exporter-dpl.yaml + asserts: + - lengthEqual: + path: spec.template.spec.topologySpreadConstraints + count: 1 + - contains: + path: spec.template.spec.topologySpreadConstraints + content: + labelSelector: + matchLabels: + app: harbor + component: exporter + release: RELEASE-NAME + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + + - it: ContainerImage + set: + metrics: + enabled: true + exporter: + image: + repository: test-repository/test-image + tag: 1.0.0 + template: templates/exporter/exporter-dpl.yaml + asserts: + - equal: + path: spec.template.spec.containers[0].image + value: test-repository/test-image:1.0.0 + + - it: ExistingSecretAdminPassword + set: + metrics: + enabled: true + existingSecretAdminPassword: HARBOR_ADMIN_PASSWORD + template: templates/exporter/exporter-dpl.yaml + asserts: + - lengthEqual: + path: spec.template.spec.containers[0].env + count: 1 + - equal: + path: spec.template.spec.containers[0].env[0].name + value: HARBOR_ADMIN_PASSWORD + - equal: + path: spec.template.spec.containers[0].env[0].valueFrom.secretKeyRef.name + value: HARBOR_ADMIN_PASSWORD + - equal: + path: spec.template.spec.containers[0].env[0].valueFrom.secretKeyRef.key + value: HARBOR_ADMIN_PASSWORD + + - it: InternalTLS + set: + metrics: + enabled: true + internalTLS: + enabled: true + template: templates/exporter/exporter-dpl.yaml + asserts: + - equal: + path: spec.template.spec.containers[0].volumeMounts[0].name + value: core-internal-certs + - equal: + path: spec.template.spec.containers[0].volumeMounts[0].mountPath + value: /etc/harbor/ssl/core + + - it: DBCredentials + set: + metrics: + enabled: true + database: + external: + existingSecret: db-secret-name + template: templates/exporter/exporter-dpl.yaml + asserts: + - lengthEqual: + path: spec.template.spec.containers[0].env + count: 1 + - equal: + path: spec.template.spec.containers[0].env[0].name + value: HARBOR_DATABASE_PASSWORD + - equal: + path: spec.template.spec.containers[0].env[0].valueFrom.secretKeyRef.name + value: db-secret-name + - equal: + path: spec.template.spec.containers[0].env[0].valueFrom.secretKeyRef.key + value: password + + - it: ContainerSecurityContext + set: + metrics: + enabled: true + containerSecurityContext: + privileged: true + allowPrivilegeEscalation: true + seccompProfile: + type: RuntimeDefault + runAsNonRoot: true + capabilities: + drop: + - All + template: templates/exporter/exporter-dpl.yaml + asserts: + - equal: + path: spec.template.spec.containers[0].securityContext.privileged + value: true + - equal: + path: spec.template.spec.containers[0].securityContext.allowPrivilegeEscalation + value: true + - equal: + path: spec.template.spec.containers[0].securityContext.seccompProfile.type + value: RuntimeDefault + - equal: + path: spec.template.spec.containers[0].securityContext.runAsNonRoot + value: true + - equal: + path: spec.template.spec.containers[0].securityContext.capabilities.drop[0] + value: All + + - it: Resources + set: + metrics: + enabled: true + exporter: + resources: + requests: + memory: 256Mi + cpu: 100m + limits: + memory: 500Mi + cpu: 200m + template: templates/exporter/exporter-dpl.yaml + asserts: + - equal: + path: spec.template.spec.containers[0].resources.requests.cpu + value: 100m + - equal: + path: spec.template.spec.containers[0].resources.requests.memory + value: 256Mi + - equal: + path: spec.template.spec.containers[0].resources.limits.cpu + value: 200m + - equal: + path: spec.template.spec.containers[0].resources.limits.memory + value: 500Mi + + - it: NodeSelector + set: + metrics: + enabled: true + exporter: + nodeSelector: + node.selector/tier: test-node-selector + template: templates/exporter/exporter-dpl.yaml + asserts: + - equal: + path: spec.template.spec.nodeSelector["node.selector/tier"] + value: test-node-selector + + - it: Affinity + set: + metrics: + enabled: true + exporter: + affinity: + podAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: test-affinity + operator: In + values: + - S1 + topologyKey: topology.kubernetes.io/zone + template: templates/exporter/exporter-dpl.yaml + asserts: + - equal: + path: spec.template.spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[0].labelSelector.matchExpressions[0].key + value: test-affinity + - equal: + path: spec.template.spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[0].labelSelector.matchExpressions[0].operator + value: In + - equal: + path: spec.template.spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[0].labelSelector.matchExpressions[0].values[0] + value: S1 + - equal: + path: spec.template.spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[0].topologyKey + value: topology.kubernetes.io/zone + + - it: Tolerations + set: + metrics: + enabled: true + exporter: + tolerations: + - effect: NoSchedule + key: test-label + value: test + template: templates/exporter/exporter-dpl.yaml + asserts: + - equal: + path: spec.template.spec.tolerations[0].effect + value: NoSchedule + - equal: + path: spec.template.spec.tolerations[0].key + value: test-label + - equal: + path: spec.template.spec.tolerations[0].value + value: test + + - it: PriorityClassName + set: + metrics: + enabled: true + exporter: + priorityClassName: test-priority + template: templates/exporter/exporter-dpl.yaml + asserts: + - equal: + path: spec.template.spec.priorityClassName + value: test-priority diff --git a/test/unittest/exporter/exporter_secret_test.yaml b/test/unittest/exporter/exporter_secret_test.yaml new file mode 100644 index 000000000..3b077e13f --- /dev/null +++ b/test/unittest/exporter/exporter_secret_test.yaml @@ -0,0 +1,36 @@ +suite: ExporterSecret + +tests: + - it: Secret + set: + metrics: + enabled: true + template: templates/exporter/exporter-secret.yaml + asserts: + - equal: + path: data.HARBOR_ADMIN_PASSWORD + value: "SGFyYm9yMTIzNDU=" + - exists: + path: data.HARBOR_DATABASE_PASSWORD + + - it: ExistingAdminSecret + set: + metrics: + enabled: true + existingSecretAdminPassword: test-password + template: templates/exporter/exporter-secret.yaml + asserts: + - notExists: + path: data.HARBOR_ADMIN_PASSWORD + + - it: ExistingExternalDBSecret + set: + metrics: + enabled: true + database: + external: + existingSecret: test-db-secret + template: templates/exporter/exporter-secret.yaml + asserts: + - notExists: + path: data.POSTGRESQL_PASSWORD diff --git a/test/unittest/exporter/exporter_svc_test.yaml b/test/unittest/exporter/exporter_svc_test.yaml new file mode 100644 index 000000000..160d6b890 --- /dev/null +++ b/test/unittest/exporter/exporter_svc_test.yaml @@ -0,0 +1,14 @@ +suite: ExporterSvc + +tests: + - it: ExposeMetricsPort + set: + metrics: + enabled: true + exporter: + port: 1111 + template: templates/exporter/exporter-svc.yaml + asserts: + - equal: + path: spec.ports[0].port + value: 1111 \ No newline at end of file diff --git a/test/unittest/trivy_statefulset_test.yaml b/test/unittest/trivy/trivy_statefulset_test.yaml similarity index 100% rename from test/unittest/trivy_statefulset_test.yaml rename to test/unittest/trivy/trivy_statefulset_test.yaml